Jürgen Herrmann wrote at 2005-10-19 15:34 +0200: >i use the SimpleUserFolder product and derive a MyUser class from it's >included User class, which in turn inherits from BasicUser. > >the SimpleUserFolder's User class does neither reimplement >getRolesInContext() nor allowed(). i looked at the source of >BasicUser (lib/python/AccessControl/User.py) and found out that >allowed() does not use the information provided by getRolesInContext(). >i found this comment: > # Still have not found a match, so check local roles. We do > # this manually rather than call getRolesInContext so that > # we can incur only the overhead required to find a match. > >so if i reimplement getRolesInContext() in MyUser, i'll probably also >have to reimplement allowed() to reflect the possibly added local roles, >right?
Yes. > ... >ps: looking at the code of allowed() i doubt that the "manual" checking >of local roles will speed this method up a lot: local roles seem to be >a seldomly used feature, the improvement in speed would only occur if >the object in question was protected by a local role Be careful about terminology! Objects are not protected by roles (but by permissions). You gain something if a near local role grants the necessary permission. The "Owner" local role tends to be very near. Thus, you may gain, when usually owners try to execute protected methods. >(and not a normal >one). is this enough to justify duplicated code with all of it's >disadvantages)? Nobody prevents you to implement your "allowed" by means of "getRolesInContext". -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )